euca-authorize default failing

I am unable to reproduce this problem. I am using Eucalyptus revno 931 and Euca2ools revno 221.

Perhaps something went wrong in the packaging?

$ euca-authorize default -P tcp -p 22 -s 0.0.0.0/0
GROUP default
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0

$ euca-describe-groups
GROUP admin default default group
PERMISSION admin default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0

On Thu, Oct 15, 2009 at 10:42:55PM -0000, Neil Soman wrote:
> I am unable to reproduce this problem. I am using Eucalyptus revno 931
> and Euca2ools revno 221.
>

I've seen that problem as well. But it's not reliably reproducible.
After some time the command succeeds. If that happens again where can
more information be found?

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com

I am seeing this problem as well. Knowing where to collect debug info from would help.

Please check the wire. I'd be interested in what the cloud is
actually responding with (ngrep -d <iface> -Wbyline port 8773) on the
front end.

It is likely something to do with packaging. I have never seen it with the source install.

I have ran a capture of the traffic while the error is occuring:

Request:
CGET /services/Eucalyptus/?AWSAccessKeyId=***************************&Action=AuthorizeSecurityGroupIngress&CidrIp=0.0.0.0%2F0&FromPort=22&GroupName=default&IpProtocol=tcp&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-10-16T16%3A42%3A34&ToPort=22&Version=2009-04-04&Signature=*****************%3D HTTP/1.1
Host: 192.168.0.65:8773
Accept-Encoding: identity
User-Agent: Boto/1.8d (linux2)

Reply:
HTTP/1.1 400 Bad Request
Content-Length: 381
Content-Type: application/xml; charset=UTF-8

<?xml version="1.0"?><Response><Errors><Error><Code>Groups</Code><Message>Error locating information for
<com.eucalyptus.entities.NetworkRulesGroup@e5d14fd3 uniqueName=admindefault description=null networkRules=[] userName=admin displayName=default id=null version=0 lastUpdate=null></Message></Error></Errors><RequestID>29083f78-9759-46ad-8205-0f867c2b21b9</RequestID></Response>

Hope this helps. I've replaced signature elements by *.

Nick,

do you have a server side exception/stack trace?

Are there other exceptions?

Something is definitely not right with the package.

thanks.

On Fri, Oct 16, 2009 at 04:56:26PM -0000, Neil Soman wrote:
> Nick,
>
> do you have a server side exception/stack trace?
>
> Are there other exceptions?

Which file(s) should be looked at?

> Something is definitely not right with the package.
>

Note that the error will disappear after some time and several retries.

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com

Unfortunately, the only report of an error on the server side is the one I got from capturing network traffic. As mathias pointed I cannot reproduce the error anymore...

Perusing the /var/log/eucalyptus/cloud-output.log which seems to contain an interesting stack trace. Attaching the relevant section.

I looks like this bug happens when an authorize is called before the group is used in another context (run-instances, describe-group, etc). For example:

euca-authorize (fails)
euca-describe-groups
euca-authorize (success)

Attaching the log file showing exception, and exact commands

If systematic, we might need to document it in the release notes.

Only first use error, I don't think it warrants a release note entry.

Probably an issue in eucalyptus rather than euca2ools, since the same command works after issuing a group command (and no state is kept client-side)

Actually, this bug has been closed a while ago and I can confirm it is not present in the current trunk. I'm afraid that it was closed incidentally and I don't know the revno, sorry.